System and method for virtual region based access control operations using bim

ABSTRACT

Systems and methods for operating a security system are provided that can include a user interface device displaying a three-dimensional model of a secured area based on a BIM, the user interface device displaying a representation of each of a plurality of security devices in the secured area on the model based on respective coordinates of each of the plurality of security devices in the BIM, the user interface device receiving first user input dividing the model into a plurality of subareas, the user input device receiving second user input identifying a change in at least one operating parameter for at least one of the plurality of subareas, and applying the change in the at least one operating parameter to security devices that are represented on the three-dimensional model of the secured area within the at least one of the plurality of subareas.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims the benefit of thefiling date of U.S. application Ser. No. 13/968,494 filed Aug. 16, 2013.

FIELD

The field of the invention relates to security systems and moreparticularly to methods of administering to the operations of suchsystems.

BACKGROUND

Security systems are generally known. Such systems are typically usedfor the protection of people and assets within a secured area.

In many cases, the secured area is surrounded by some sort of physicalbarrier (e.g., a fence, wall, etc.) with one or more access doors forentry and egress of authorized users. A sensor may be provided on eachdoor and window in order to detect intruders.

The sensors may be monitored by a security controller. Upon activationof one of the sensors, the controller may transmit an alarm message to acentral monitoring station. The central monitoring station may respondby summoning the police.

At least some of the doors may be provided with an input device that maybe used by authorized users of the secured area to provide inputs to thesecurity controller. Inputs may include commands to arm or disarm thesecurity system, to arm or disarm certain doors or simply to allow theuser to pass through an associated door without triggering an alarm.

While existing security systems work well, they are difficult toadminister where the number of entry points, sensors and types ofsensors number in the hundreds and especially where they are used acrossmultiple time zones. Accordingly, a need exists for better methods ofadministering large security systems.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a simplified block diagram of a security system showngenerally in accordance with an illustrated embodiment;

FIG. 2A is a block diagram of a prior art system;

FIG. 2B is a block diagram of a system as in claim 1;

FIG. 3 is a display provided by the system of FIG. 1;

FIG. 4 is a set of steps that may be used by the system of FIG. 1; and

FIG. 5 is an alternate set of steps that may be used by the system ofFIG. 1.

DETAILED DESCRIPTION OF AN ILLUSTRATED EMBODIMENT

While embodiments can take many different forms, specific embodimentsthereof are shown in the drawings and will be described herein in detailwith the understanding that the present disclosure is to be consideredas an exemplification of the principles hereof, as well as the best modeof practicing same. No limitation to the specific embodiment illustratedis intended.

FIG. 1 is a simplified block diagram of a security system 10 showngenerally in accordance with an illustrated embodiment. Included withinthe security system is a number of sensors 14, 16 or a number of sensors14, 16 and cameras 18, 20 used to detect security threats within asecured area 12. The secured area may be located at a single geographiclocation as shown in FIG. 1 or may be a number of geographicallyseparate areas connected by a communication connection.

The sensors may include one or more switches coupled to the doors andwindows around a periphery of the secured area. The sensors may alsoinclude one or more passive infrared (PIR) detectors that are able todetect the movement of intruders within an interior of the protectedspace. Alternatively, the sensors may also include one or moreenvironmental sensors (e.g., smoke detectors, carbon monoxide detectors,natural gas detectors, etc.).

The system may also capture images for security purposes from one ormore cameras 18, 20. The cameras may be used to record events fromwithin the secured area or (with the appropriate processing capability)may also be used to detect threats such as posed by intruders within theprotected space.

The secured area may also include one or more actuator devices(actuators) 22, 24. The actuators may be selected from any of a numberof different types of devices. For example, at least some of theactuators may be audio and/or visual devices (e.g., a siren or siren andflashing light) that announce the detection of a threat within one ormore of the secured areas or subareas. Alternatively, the actuators mayinclude one or more linear actuators that open/close doors. At leastsome of the actuators may also be provided that activate sprinklers thatquench fires or that activate or deactivate fans that clear smoke froman area or subarea.

The secured area may also include combinations of sensors and actuatorsthat operate cooperatively to achieve a security objective. For example,at least some of the sensor and actuator combinations may include a cardreader used in conjunction with a door lock. In this case, the cardreader reads an identification card of a person authorized to use somepart of the secured area and activates the lock to allow entry by thatperson into and out of that part of the secured area.

Included within the secured area or within a central monitoring station28 may be a control panel 26. The control panel operates to monitor thesensors and cameras and to control the actuators in accordance with apredetermined security plan.

Associated with the control panel is a user interface (UI) 40. The userinterface may include an interactive display 42 using a touch-sensitivescreen or may be embodied as a conventional display 42 with a separatekeyboard 44.

Included within the control panel may be one or more processor apparatus(processors) 30, 32, where each operates under control of one or morecomputer programs 34, 36 loaded from a non-transitory computer readablemedium (memory) 38. As used herein, reference to a step of a computerprogram is also reference to the processor that executed that step.

In general, the secured area operates under control of athree-dimensional (3D) building information model (BIM) embodied atleast as data and data structures within memory. In this context, eachsensor, camera and actuator is associated with a respective geographiclocation within the BIM. More specifically, each sensor, camera andactuator has a set of coordinates associated with the device thatdefines where the device is located within the BIM model.

The use of the BIM offers a number of advantages in the execution of thesecurity plan. For example, a BIM processor may be used to display threedimensional models of the secured area on the user interface. Since theBIM also includes a respective coordinate of each sensor, camera andactuator, the BIM processor is able to superimpose the location of eachof each sensor, camera and actuator on 3D images.

The secured area may be divided into a number of subareas, each with aseparate security control subsystem. For example, upon activation of thecontrol panel, one or more of the processors within the control panelwould operate to discover each sensor, camera and actuator within thesecured area based upon a class of the device. For example, intrusionsensors may constitute or otherwise define a first class of device thatwould be discovered by an intrusion processor. Similarly, cameras woulddefine a second class of device that would be discovered by a processorthat processes information from the camera and that would also operateto control certain aspects (e.g., pan-tilt-zoom (PTZ)) of the camera.The processor that discovers cameras may be referred to as a cameraprocessor/controller or simply as a camera controller. Similarly, cardreaders and associated lock actuators would define a third class ofdevice discovered by a reader controller. Actuators would define afourth class of device discovered by an actuator controller.

Each class of device operates under a respective set of parameters. Eachof the set of parameters represents an input to that particular class ofdevice that controls the output of the device or the way the output isprovided.

In general, each class of device has a first set of parameters that areunique to that device and a second set of parameters that are commonwith other classes of devices. An example of the second set ofparameters includes a value of time (e.g., Greenwich mean time). Anexample of the first set of parameters that are not common with otherclasses of devices may include the frames per second set by the cameracontroller in receiving images from the camera, the PIN numbers ofauthorized users used by the card reader controller, etc. Because of thedifferences in operating parameters, each class of device may beconsidered as functioning under its own localized control system orcontrol panel.

Once activated, the user could define a set of operating parameters foreach class of device on an individual basis and globally. For example,the user could define a global clock that would be maintained and usedby each control system. The user may also define a set of time relatedthresholds for at least some classes of device. For example, the usermay define a time in the evening when images from the camera would besaved into an archive for later use if a crime were subsequentlydetected and where the security system sensors did not detect the crime.

Similarly, the user could also define a set of rules for each class ofdevice. Rules in this case represent a broader category of parameters.For example, a rule may define a combination of parameters used by aprocessor class of device to produce a particular output. For example, arule may specify that during a first time period, a camera may simplyrecord video and during a second time period, a camera may performmotion detection. In this case, the first set of parameters includes adefinition of the first time period (start and stop times) and atriggering parameter that causes the recording of video during the firsttime period. The second set of parameters includes the definition of thesecond time period (start and stop time) and a triggering parameter thatactivates a corresponding program to cause motion detection andreporting of motion as an alarm state.

Each class of device has a set of parameters that defines that class ofdevice. For example, a camera may have a first parameter that defineswhether the camera records video frames to memory and a second parameterthat defines whether the camera performs motion detection. The cameramay also have another parameter that defines when the camera performseach function.

Similarly, a card reader/door lock combination may have a set ofparameters that activates and deactivates a corresponding set of rulesfor that device. In general, an identifier of each class of devicesdefines how that device operates and the parameters that activate anddeactivate the functions of that device. Since the devices in each classhave substantially identical functions in terms of the behaviors thatmay be exhibited by the device, the rules followed and the thresholdsfor those behaviors and rules, the functions of each device may bedefined by a parameter file 50, 52 for that device. It should be notedin this regard that since the devices in any one class havesubstantially identical functions, the format of the parameter file ofeach device within a class is also identical. The common format ofparameter files among devices of the same class allows the use of a copypaste function that allows the behavior, rules and thresholds of onedevice in a class to be copied into another device within the sameclass.

Under the BIM, a user may use the BIM processor to divide the securedarea 100 into two or more subareas 102, 104, 106 (see for example, FIG.2B). Dividing the secured area into subareas also causes the controlpanel to divide the control systems of the secured area into arespective set of control systems for the subareas.

In order to divide the secured area, the authorized user may activate aBIM icon on the display 42 of the user interface. The user may thenidentify one or more subareas, regions or security zones within thesecured area by tracing the outline of each subarea using the cursor 45.The user may complete the process by activating an ENTER button on thekeyboard 42 or activating a COMPLETE softkey on the display to createthe virtual regions.

In general, this process is used to define a number of virtual regionsunder a coordinate system defined by the BIM. This process may berepeated any of a number of times as the user creates the virtualregions using the process of FIG. 2. As each zone is created, it isstored into a respective zone file 46, 48.

The creation of a number of subareas may be used as a method of creatinga hierarchy of control systems and operating parameters. The hierarchyallows the system to internally group the devices in each virtual areabased upon the class of the device. For example, the highest level(i.e., associated with the entire secured 12) represents a set of globaloperating parameters. Those subareas that have been divided out can beindependently changed by the user. This is important because the highestlevel can be used to define a global time while the subareas can have atime value that is offset based upon the time zone in which the subareais located. In this regard, the end user can directly click on a virtualregion and can change the time zone. In response, the system willinternally apply the modified time zone to all readers and panels inthat virtual region. Similarly, security settings and rules can bedefined on a global scale and on a local scale.

In one embodiment, the security settings (and parameters) of a parentarea may be copied into a created virtual subarea. Once created, theuser can select the subarea (via the cursor) and adjust parameters ofthe created virtual subarea at will.

For example, each virtual subarea may have a user input including a setof function buttons 300. One function button (e.g., 302) may be providedto adjust global parameters (e.g., time) for that region. Other functionbuttons (e.g., 304) may be used to select a particular class of devicefor that region. Other function buttons may be used to select parametersand to change the respective parameters.

For example, the end user may use a first portion of a user input toclick on virtual region 1 and a second portion of the user input tochoose the “copy region settings” option (FIG. 5). In this regard, a BIMprocessor may display virtual region 1 along with a set of optionsrelated to region 1. One of the options may be the “copy regionsettings” option. Following this step, the end user may right click onregion 2 and choose the “paste” option. In response, a parameterprocessor of the system copies the regional settings of region 1 intoregion 2. Now all of the settings that have been previously applied tovirtual region 1 will be replicated into region 2.

FIG. 2 compares the system described herein with prior systems. Forexample, prior systems (FIG. 2A) only allowed a user to access thesystem on a global level (level 1). If a user should wish to change aparameter, the user would need to access a particular control systemassociated with a particular class of device (level 2). However, thisparticular control system included all of the devices of that classthroughout the system. Once the user has selected a particular controlsystem (i.e., class of device), the user would be given access to thedevices on level 3.

In contrast, FIG. 2B shows that once a user selects a particularsubarea, the user only has access to the devices within that subarea. Inthis regard, once a user clicks on a particular region or zone, thesystem may present a number of classes of devices as shown on level 2and FIG. 3. One class may be a time keeper class of device. Otherclasses may include sensors, cameras or card readers. In addition (andas shown in FIG. 3), the selection of a region shows the 3D image of thedevice under the BIM along with the status of each device within thatregion. This allows for much simpler administration of the securitysystem.

The prior system of FIG. 2A requires the end user to have completeknowledge of the devices in order to perform any action on the system.This increases the cost of the system by requiring that any user havecomplete training regarding the system and increases the possibility ofmistake.

For example, consider the instance in which an end user wants to changethe time zone for a particular area in the secured area. Since thesecured area is embodied as a single logical entity, the user would haveto change the time zone for each device (e.g., each card reader) withinthe particular area. This is a repetitive operation that would need tobe done on all readers within the particular area.

Similarly, consider the instance in which a door forced open alarmoccurred near a building monitoring station (BMS) room and the end useris interested in viewing the recorded video of any camera mounted nearthe BMS room. In this case, the end user has to know the geo location ofeach camera within a list of cameras in order to quickly identify theproper camera.

The system of FIGS. 1 and 2B enables the user to make global changes(i.e., to the extent of the devices located within that subarea) byallowing them to virtually mark any area in the BIM 3D floor plan. Thisallows the user to directly perform all operations (e.g., rules andpolicy setting, grant/deny access, changing time zone, etc.) only onthat subarea. The devices falling within that virtual area will begrouped for that region and all the subsequent parameter changeoperations on that region will reflect back on all the contained devicesto the extent they are a global change for that subarea or in the classof device selected for the change.

In this way, the end user can define the different behaviors, rules,settings, etc. for every virtual region in accordance with the need.This has the effect of completely abstracting the lower level devicesand other non-operator centered details in the system and makes inputsto the system more meaningful. The system completely eliminates the needfor the operators to know device details of the readers, panels and allother low level device details. This helps the end users to more easilyand effectively make changes in the operation of the system.

Whenever changes are made on the virtual regions, like changing a timezone, the system will internally apply all of those changes to thepanels/readers in that region. This imparts a logical and physicalmapping to the virtual areas that allows a user to visually operate onthose regions.

In a particular example, consider a secured area having a number ofsecurity areas, each with a different need for security. With theproposed solution, the operator can draw virtual regions containingdifferent regions (e.g., a datacenter and BMS in one region and anotherregion containing a library and pantry). Now the operator can directlyset rules and perform other access control operations directly on thedifferent virtual region as separate operations. This method providescomplete flexibility over the access control system and allows the endusers to easily configure and segregate the different areas in oneregion.

Consider the example where a fire emergency occurs in a particular areaof a premises and where, for precautionary reasons, the operator shouldtake countermeasures. With the display of a conventional security panelthere is no apparent way for the operator to visually look at thedisplay and inherently know the identifiers of nearby regions so thathe/she can activate the sprinklers in those nearby regions or take someother precautionary measure. Unless the operator has complete knowledgeof the floors/premises/building structure he/she cannot act immediatelyin response to emergency situations.

Consider the example where a secured area has a number of zones withsimilar security requirements, where different rules and behaviors havebeen applied among the zones and where at least one of the zones has arule set that works particularly well. If the operator wants this sameset of behaviors, rules and settings to be replicated into another zoneor into a newly created zone, then (under illustrated embodiments) theoperator is able to directly copy all zone based settings using a simplecopy/paste function available through the user interface.

The system offers a number of advantages over prior methods. Forinstance, the system completely eliminates any need for the operator toknow the lower level device detail of each zone and instead provides theoperator with a system wherein device detail is abstracted in a way thatis flexibly implemented across adjacent zones. The allows an operator tomake changes very quickly and efficiently. Since the system internallytakes care of correlating layouts among zones, human errors areprevented.

In general, the system operates using the steps of a buildinginformation model (BIM) of a security system defining athree-dimensional floor plan of a secured area, the BIM receiving agraphical input from a user defining at least one subarea of the securedarea, a user input of the security system receiving a selection of theat least one subarea of the secured area, the user input of the securitysystem receiving a change in a parameter from the user of the securitysystem, the parameter is used by a plurality of security devices withinthe at least one subarea and changing a corresponding parameter withineach of the plurality of security devices to match the changedparameter.

Alternatively, the system includes a security system having a securedarea, a building information model (BIM) of the security system thatdefines a three-dimensional floor plan of the secured area, a zone filethat defines a plurality of zones within the secured area in accordancewith a coordinate system of the BIM, a user input of the security systemthat receives a selection of the at least one zone of the plurality ofzones within the secured area, the user input of the security systemthat receives a change in a parameter from the user of the securitysystem, the parameter is used by a plurality of security devices withinthe selected zone and a processor that changes a corresponding parameterwithin each of the plurality of security devices to match the changedparameter.

In another embodiment, the system includes a security system having asecured area, a building information model (BIM) of the security systemthat defines a plurality of regions within the secured area, a firstportion of a user input of the security system that receives a selectionof the at least one region of the plurality of regions within thesecured area, a second portion of the user input of the security systemthat receives a change in a parameter from the user of the securitysystem, the parameter is used by a plurality of security devices withinthe selected zone and a parameter processor that changes a correspondingparameter within each of the plurality of security devices to match thechanged parameter.

From the foregoing, it will be observed that numerous variations andmodifications may be effected without departing from the spirit andscope hereof. It is to be understood that no limitation with respect tothe specific apparatus illustrated herein is intended or should beinferred. It is, of course, intended to cover by the appended claims allsuch modifications as fall within the scope of the claims.

1-20. (canceled)
 21. A method comprising: a user interface devicedisplaying a three-dimensional model of a secured area based on abuilding information model (BIM) of the secured area; the user interfacedevice displaying a representation of each of a plurality of securitydevices in the secured area on the three-dimensional model of thesecured area based on respective coordinates of each of the plurality ofsecurity devices in the BIM; the user interface device receiving firstuser input dividing the three-dimensional model of the secured area intoa plurality of subareas; the user input device receiving second userinput identifying a change in at least one operating parameter for atleast one of the plurality of subareas; and applying the change in theat least one operating parameter to security devices in the plurality ofsecurity devices that are represented on the three-dimensional model ofthe secured area within the at least one of the plurality of subareas.22. The method of claim 21 further comprising: applying the change inthe at least one operating parameter to all of the security devices inthe plurality of security devices that are represented on thethree-dimensional model of the secured area within the at least one ofthe plurality of subareas when the at least one operating parameterincludes a global operating parameter.
 23. The method of claim 21further comprising: applying the change in the at least one operatingparameter to security devices of a first class of device in theplurality of security devices that are represented on thethree-dimensional model of the secured area within the at least one ofthe plurality of subareas when the at least one operating parameter isunique to the first class of device.
 24. The method of claim 23 furthercomprising: the user interface device receiving third user inputidentifying the first class of device.
 25. A method comprising: a userinterface device displaying a three-dimensional model of a secured areabased on a building information model (BIM) of the secured area; theuser interface device displaying a representation of each of a pluralityof security devices in the secured area on the three-dimensional modelof the secured area based on respective coordinates of each of theplurality of security devices in the BIM; the user interface devicereceiving first user input dividing the three-dimensional model of thesecured area into a plurality of subareas; the user input devicereceiving second user input identifying a parent subarea and a childsubarea in the plurality of subareas; copying operating parameters fromthe parent subarea to the child subarea; and changing the operatingparameters for security devices in the plurality of security devicesthat are represented on the three-dimensional model of the secured areawithin the child subarea to match the operating parameters for securitydevices in the plurality of security devices that are represented on thethree-dimensional model of the secured area within the parent subarea.26. The method of claim 25 further comprising: changing the operatingparameters for all of the security devices in the plurality of securitydevices that are represented on the three-dimensional model of thesecured area within the child subarea when the operating parametersinclude a global operating parameter.
 27. The method of claim 25 furthercomprising: changing the operating parameters for security devices of afirst class of device in the plurality of security devices that arerepresented on the three-dimensional model of the secured area withinthe child subarea when the operating parameters are unique to the firstclass of device.
 28. The method of claim 27 further comprising: the userinterface device receiving third user input identifying the first classof device.
 29. The method of claim 25 further comprising: the userinterface device receiving third user input identifying the operatingparameters to be copied from the parent subarea to the child subarea.30. A system comprising: a user interface device; a memory device; aprogrammable processor; and executable control software stored on anon-transitory computer readable medium, wherein the user interfacedevice displaying a three-dimensional model of a secured area based on abuilding information model (BIM) of the secured area stored in thememory device, wherein the user interface device displays arepresentation of each of a plurality of security devices in the securedarea on the three-dimensional model of the secured area based onrespective coordinates of each of the plurality of security devices inthe BIM, wherein the user interface device receives first user inputdividing the three-dimensional model of the secured area into aplurality of subareas, wherein the user input device receives seconduser input identifying a change in at least one operating parameter forat least one of the plurality of subareas, and wherein the programmableprocessor and the executable control software apply the change in the atleast one operating parameter to security devices in the plurality ofsecurity devices that are represented on the three-dimensional model ofthe secured area within the at least one of the plurality of subareas.31. The system of claim 30 wherein the programmable processor and theexecutable control software apply the change in the at least oneoperating parameter to all of the security devices in the plurality ofsecurity devices that are represented on the three-dimensional model ofthe secured area within the at least one of the plurality of subareaswhen the at least one operating parameter includes a global operatingparameter.
 32. The system of claim 30 wherein the programmable processorand the executable control software apply the change in the at least oneoperating parameter to security devices of a first class of device inthe plurality of security devices that are represented on thethree-dimensional model of the secured area within the at least one ofthe plurality of subareas when the at least one operating parameter isunique to the first class of device.
 33. The system of claim 32 whereinthe user interface device receives third user input identifying thefirst class of device.
 34. A system comprising: a user interface device;a memory device; a programmable processor; and executable controlsoftware stored on a non-transitory computer readable medium, whereinthe user interface device displays a three-dimensional model of asecured area based on a building information model (BIM) of the securedarea stored in the memory device, wherein the user interface devicedisplays a representation of each of a plurality of security devices inthe secured area on the three-dimensional model of the secured areabased on respective coordinates of each of the plurality of securitydevices in the BIM, wherein the user interface device receives firstuser input dividing the three-dimensional model of the secured area intoa plurality of subareas, wherein the user input device receives seconduser input identifying a parent subarea and a child subarea in theplurality of subareas, wherein the programmable processor and theexecutable control software copy operating parameters from the parentsubarea to the child subarea, and wherein the programmable processor andthe executable control software change the operating parameters forsecurity devices in the plurality of security devices that arerepresented on the three-dimensional model of the secured area withinthe child subarea to match the operating parameters for security devicesin the plurality of security devices that are represented on thethree-dimensional model of the secured area within the parent subarea.35. The system of claim 34 wherein the programmable processor and theexecutable control software change the operating parameters for all ofthe security devices in the plurality of security devices that arerepresented on the three-dimensional model of the secured area withinthe child subarea when the operating parameters include a globaloperating parameter.
 36. The system of claim 34 wherein the programmableprocessor and the executable control software change the operatingparameters for security devices of a first class of device in theplurality of security devices that are represented on thethree-dimensional model of the secured area within the child subareawhen the operating parameters are unique to the first class of device.37. The system of claim 36 wherein the user interface device receivesthird user input identifying the first class of device.
 38. The systemof claim 34 wherein the user interface device receives third user inputidentifying the operating parameters to be copied from the parentsubarea to the child subarea.